MozillaZine

Javascript File i/o

Thursday May 25th, 2000

Pete Collins from Alphanumerica and Mozilla developers have created a Javascript interface for doing file i/o in Mozilla, which will allow new Mozilla components like Alphanumerica's Crash Recovery system to function properly.

Patterned after the PHP filesystem functions, simple functions such as file read/write and directory create are supported. The code has not yet made it into the nightly build, but they expect it will get in soon.

Note from AN: There seems to be a misconception about Javascript File I/O being a security risk. It is important to clarify that this project is not opening any security holes in Mozilla. There is a difference between Javascript on the Internet and Javascript inside the application. Javascript is used inside Mozilla to create the functionality for the application. This is in contrast to any Javascript downloaded from the Internet that is used for functionality only inside a Web page. This project does not grant any access to Javascript found on the Internet. For more information about how Javascript is used inside Mozilla read more about XPCOM and XPConnect.


#18 Re: Re: Oh per-lease.......

by gregquinn

Thursday May 25th, 2000 3:13 PM

You are replying to this message

My understanding of this is that it's primarily intended for core-level XUL programming, and having a whole slew of alert boxes telling you when something is happening is going to be a disaster. Folks cheerfully download and install binaries from any old web site; in effect, this is exactly the same deal, where if the XUL content is located on the persons hard drive I don't expect to alarm that person by informing them of every damn system call I make; microsoft, or any other program vendor does not routinely do this for good reason; I don't expect to have to do this for a genuine Moz app. If I send out a modal OK/Cancel alert every time I write to the disk, it looks like there's something inherently risky about the whole thing... yes, of course advisable on a remote chrome or any other XUL component directly run from a web site, but nihilistic on a local chrome.